Public Interest Groups Say FCC, Congress Should Impose Online Privacy Rules

The FCC sought prompt comment, releasing its notice Jan. 13 and making responses due Friday, nine days later. Comments are due Wednesday on a final public notice, seeking general replies on all matters raised since the start of staff workshops and release of the first public notices last August.

“There are a number of powerful online applications on the horizon that can provide great societal benefit, including eGovernment, smart grid technologies, and electronic health records,” said a set of groups led by the center. “Despite the unprecedented challenges to privacy in the modern environment, the United States still has no comprehensive law protecting consumer privacy rights. Adoption of such a framework should be one of the essential components of the National Broadband Plan.” Consumer Action, the Consumer Federation of America, the National Workrights Institute, Privacy Journal and Frank Pasquale, a law professor at Seton Hall University, signed the letter.

The groups suggested as a starting point for any privacy legislation or regulation the fair information practices guidelines developed by the Department of Homeland Security. They require disclosure of what information might be disclosed and a specification of “the purpose or purposes for which personal information is intended to be used,” the groups said. The guidelines provide that “only data directly relevant and necessary to accomplish a specified purpose should be collected and data should only be retained for as long as is necessary to fulfill a specified purpose” and that use of data should be limited, the letter said. Information should be protected against “loss, unauthorized access or use, destruction, modification, or unintended or inappropriate disclosure” and those storing data must be accountable and subject to audit.

Voluntary models don’t offer consumers adequate privacy protections, the American Civil Liberties Union, the Center for Digital Democracy, Consumer Action, the Consumer Federation of America, Consumer Watchdog, Privacy Lives, the Privacy Rights Clearinghouse, Privacy Times and U.S. PIRG, said in a joint filing. “The issue of consumer privacy protection is vitally important,” the groups said. “The FCC should consider all avenues it may use to protect consumers, including exercising its ancillary jurisdiction to address broadband privacy issues.” The issue is huge, the groups said. “According to a 2008 New York Times report on behavioral targeting, five U.S. companies alone -- Yahoo, Google, Microsoft, AOL and MySpace -- record at least 336 billion data ‘events’ each month,” they said. “In the absence of strong consumer privacy regulations, online advertisers will continue to mine consumer data, developing increasingly detailed user profiles and sharing their findings with partners and affiliates.”

But the U.S. Chamber opposed legislation or regulation in favor of a voluntary approach. “The U.S. Chamber believes that self-regulation and best business practices serve as the preferred framework for enhancing innovation and spurring broadband use while, at the same time, protecting consumers’ privacy online,” the group said. “In particular, self-regulation is an effective method of protecting consumer privacy on the Internet because the regulatory process is often incapable of responding rapidly to technological changes.”

USTelecom asked the FCC to defer to the FTC, “an agency that has traditionally been the expert agency on privacy matters, and that possesses the broad jurisdictional authority to develop privacy standards across many sectors of the on-line economy and take action against unfair or deceptive privacy practices.” The FTC “is currently hosting a series of privacy roundtables around the country, bringing together academics, public interest experts, and diverse private sector participants in a comprehensive set of panels,” the group said. “USTelecom believes that the FTC initiative holds real promise and that the FCC should be an active participant in this initiative, sharing its own expertise with the FTC, but allowing the FTC initiative to take the lead.”

The FCC and the FTC can encourage discussions and “raise awareness and educate consumers” about privacy but should let industry largely police itself, NCTA said. “Since consumer concerns vary and new services and technologies must respond in these unique contexts, it should rely on competitive market forces, existing safeguards and industry self-regulation to protect consumers’ privacy interests rather than further regulatory mandates,” NCTA said. “Such actions could impede further investment in broadband infrastructure by the private sector and constrain the development of innovative applications and content, thereby undermining the Commission’s broadband goals.”

Industry has been responsive to FTC recommendations of best practices to protect consumer privacy, AT&T said. “For its part, the Commission should ensure that the National Broadband Plan endorses the work that the FTC, other agencies and industry are doing, and encourages commitment on behalf of all internet-related industries to practices that will enhance consumer privacy and increase consumers’ understanding about and control over use of their personal data online,” the carrier said.

The Internet Commerce Coalition and TechAmerica suggested leaving discussion of privacy out of the broadband plan, with its tight deadlines. The FCC should “reconsider whether this proceeding is a proper mechanism to address such broad questions about privacy concerns,” they said. “Notably, Congress is likely to address many of the issues raised in the CDT letter, and the Federal Trade Commission, which is widely recognized for its online privacy expertise, is currently holding a series of privacy roundtable conferences examining the same subject matter.” The groups said that “the truncated timeframe in which the Commission has solicited input from interested stakeholders is likely to lead to an incomplete record” on the privacy issues raised.